Tuesday, April 30, 2013

Announcing OSG Software version 3.1.17

We are pleased to announce OSG Software version 3.1.17!

This is the new OSG Software distributed via RPMs for:

* Scientific Linux 5 and 6
* CentOS 5 and 6
* Red Hat Enterprise Linux 5 and 6

This release affects the client, the compute element, and the storage element. Changes include:

* GSI-OpenSSH updated to version 5.6 to fix a security issue
* jGlobus updated to version 2.0.5
* VOMS 2.0.8 clients patched to support SHA-2 proxies
* Pegasus updated to version 4.2.0
* XRootD updated to version 3.3.1
* OSG-Configure bugfixes

Version 3.1.17 also contains the first release of the tarball installs for the
worker-node-client and the client. These tarballs contain a complete
installation of the client or worker-node-client software that can be installed
by an unprivileged user, or into a non-standard location such as an NFS share.

Installation guides are available at:
https://www.opensciencegrid.org/bin/view/Documentation/Release3/InstallWNClientTarball
for the worker-node-client, and:
https://www.opensciencegrid.org/bin/view/Documentation/Release3/InstallOSGClientTarball
for the full client.

Release notes and pointers to more documentation can be found at:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/Release317

Need help? Let us know:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/HelpProcedure

We welcome feedback on this release!

- Matyas Selmeci
OSG Software Team

Tuesday, April 23, 2013

REMINDER: Pacman End of Life

Dear OSG Site Admins,

As we previously announced, the OSG has reached a point where 70% of all resources have updated to the new RPM based packaging of the OSG software stack. Thank you to everyone that contributed to make this a successful transition. As you know from previous emails, Pacman soon will no longer be supported.

The End of Life (EOL) date for Pacman is May 31, 2013. An important driver for this date is that the OSG will be transitioning to SHA2 based certificates in mid August and these will cause a number of compatibility issues with Pacman software; there are no plans to retrofit OSG 1.2 (the Pacman distribution) with SHA2 capabilities.

If you have concerns, we need to hear from you. We are aware of the need for a non-root worker node installation option required at some resources. The OSG Software Team is working hard to make sure this option is available well before the EOL date. If there are other issues that might prevent you from upgrading before the EOL date, please let us know so that we can help you make a smooth transition.

Notice of voms-admin-client output changes

OSG Software upgraded voms-admin-client from 2.0.16 to 2.0.17 in the 3.1.13
release on 29 January 2013. It was recently discovered that the output
format of various CLI commands, such as "voms-admin list-users", changed in
that release. Users who rely on the voms-admin CLI output format should
adjust accordingly.

Thanks to Steve Timm for pointing out this change.

Tuesday, April 16, 2013

GOC Services Update - Tuesday, April 23rd at 14:00 UTC

The GOC will upgrade the following services beginning Tuesday, April 23rd, 2013 at 14:00 UTC. The GOC reserves 8 hours in the unlikely event that unexpected problems are encountered.  We encourage users to test affected services before the production release.


software.grid.iu.edu
* Placing a deprecation banner on the homepage [GOC Ticket 14581]


OIM 3.16
* PKI / Completed user certificate re-request functionality [OSGPKI-363]
* PKI / Made password fields not reset during user certificate request [OSGPKI-370]
* PKI / Added request_comment parameter for host revoke API [OSGPKI-369]
* PKI / Added RSA key size validation during host certificate request [OSGPKI-316]
* PKI / Added capability to add more than 1 CSR in host certificate request web form
* PKI / Fixed ticket/update to set nextaction correctly, and send assignee update
* Added "What is (NoCert)" link and documented what it means. [OSGPKI-336]
* (patched) PKI / Fixed incorrect checking of certificate request DN instead of DN record during user certificate approval / request


MyOSG 2.9
* Upgrading to PHP 5.3
* Added Perfsonar Matrix page (experimental) which displays perfsonar matrix result
* Added Perfsonar Hoststatus page (experimental) which displays current perfsonar host status.
* Improved the way LDIF bdii information XML is cached and made it reuse the old cache in case of connection timeout.
* Updated MiscEvent page to use dynamic timestamp
* Redesigned voactivation page, and rggipstatus page.

All Services
There will be OS updates; reboots will be required.  Downtime should be minimal, and the usual high-availability mechanisms will be used to reduce service downtime even further and eliminate it in most cases.  However, services may experience degraded performance, and the services without HA mechanisms (OIM and Twiki) will still experience brief downtimes.

Monday, April 15, 2013

Proposed non-RPM clients for OSG Software

With OSG Software version 3, the OSG has moved to RPMs as the primary means of distributing software to sites. However, we understand that some users need to install client tools without RPMs, either because the install must be performed without root access or because the installed software must be contained within a single, separate directory hierarchy (or both).

The OSG Software team will soon provide non-RPM client packages that can be installed anywhere by anyone. Specifically, each package will install into a single directory on a filesystem and the installation process will work for any user with appropriate permissions. There will be separate packages for the worker node client and full client.

The new packages will be downloadable tarballs (i.e., compressed archives), one for each kind of client (worker node and full), major operating system release (EL5 and EL6), and architecture (32- and 64-bit). The new tarballs will be derived from the corresponding production RPMs of osg-wn-client and osg-client.

Users will download and unpack an appropriate tarball, then run a script contained therein to finish the installation. Before actual use, each user will need to source a setup script, as was done with Pacman installations.

Because we cannot assume much about the host system, the tarballs and their resulting installations will necessarily contain some software components from the underlying OS and EPEL repositories. We will strive to minimize the number of such components, but some will remain. Site administrators should understand that we will not issue updates to our tarballs every time the underlying OS and EPEL repositories change, but instead only as part of normal OSG Software releases. This policy applies to security and non-security package updates from the OS and EPEL.

Administrators will be responsible for updating from one tarball release to another. Mostly, this process will simply be to download and unpack each new release to a separate directory. A symbolic link can be used to provide a consistent path to the current release. Manual modifications to package files will have to be applied for each release or copied over.

Technical work is nearly complete on this project, and we are aiming for an April 30th release. That date should leave ample time to complete updates well before the planned May 30 End-Of-Life for OSG 1.2 (Pacman).

We welcome feedback on this plan at goc@opensciencegrid.org or osg-software@opensciencegrid.org.

Tuesday, April 9, 2013

Update on OSG PKI Outage

Dear OSG RA agent, GridAdmins,

The PKI outage reported late Friday afternoon (5/Apr) was resolved as of 7:04 pm (eastern) Friday. Please resume normal use of the PKI and the GOC apologizes for any inconvenience.

Tuesday, April 2, 2013

OSG Software version 3.1.16 Released

We are pleased to announce OSG Software version 3.1.16!

This is the new OSG Software distributed via RPMs for:

* Scientific Linux 5 and 6
* CentOS 5 and 6
* Red Hat Enterprise Linux 5 and 6

This release affects most sites. Changes include:
* Update osg-ca-scripts (that is, 'osg-ca-manage' and 'osg-update-certs')
* A bug fix in the 'osg-ca-certs-updater' service
* Various fixes for LSF support to osg-configure, the LSF Gratia
probe, and the LSF Globus GRAM Jobmanager
* Upgrade the OSG PKI Tools to 1.1.0
* Update VO client data to v44.

Important: Due to a change in the EPEL repositories that we depend on,
if you already have xrootd-server installed on a system, you must
update that system by running
"yum update --exclude='xrootd*'" instead of just "yum update".

Release notes and pointers to more documentation can be found at:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/Release3116

Need help? Let us know:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/HelpProcedure

We welcome feedback on this release!

GOC Services Update - Tuesday, April 9th at 14:00 UTC

The GOC will upgrade the following services beginning Tuesday, April 9th, 2013 at 14:00 UTC. The GOC reserves 8 hours in the unlikely event that unexpected problems are encountered. We encourage users to test affected services before the production release.


Jira
* Installing Jira Subversion plugin [JIRA-17]


OIM 3.15
* Removing duplicate DNs registered in OIM.
* Allowing OIM user to cancel guest submitted request if given valid password.
* Changed the timing of DN insertion and of enabling the contact to after the certificate is issued.
* Added a better label asking to remember certificate password.
* (patched) Fixed request after/before bug on certificate request search page.


GratiaWeb 1.1-12
* https://jira.opensciencegrid.org/browse/GRATIAWEB-30

Removed filter for proxy and added a change to the displayName function,
dn=re.sub('/CN=proxy$', '', dn), and also a fix for blank names with
"if attr == 'CN' and not val.isdigit():" in file database/query_handler.py


MyOSG 2.8
* Removing ExportCertData parameter from Apache SSL config
* Added “available software” information in bdii browser / cluster page
* Updating VOMS Status Monitor Consolidator to use vo-client-edgmkgridmap RPM instead of pacman [MYOSG-65]


GOC Ticket 1.62
* Removing ExportCertData parameter from Apache SSL config.
* Added check for empty Solr search result to suppress error message.
* Added attachment controller that exposes attachments via application controller. Added public read-only attachment interface, and switched attachment url to the goc ticket attachment [TICKET-65]
* Added a spam filter for guest ticket submission (only on /submit for now) [TICKET-73]
* Added element to AMQP publisher to be consumed by MyOSG real time event viewer.
* Installing awstats


OSG Repo / MyOSG / Blogs / GratiaWeb / Web / GOC Ticket
* Allowing access to awstats pages with DigiCert certificates.
* Installing awstats on GOC Ticket
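
The GratiaWeb 1.1-12 entry above strips a trailing /CN=proxy from a certificate DN and skips all-digit CN values when choosing a display name. The sketch below is an added illustration of that logic, not GratiaWeb's code: the function names are hypothetical, the DNs in the comments are constructed, and it goes beyond the changelog by also handling "limited proxy", chains of delegated proxies, and CN values that contain a slash.

```python
import re

# Legacy Globus proxies append "/CN=proxy" or "/CN=limited proxy" to the
# end-entity DN, once per delegation step. The changelog's regex removes a
# single "/CN=proxy"; this pattern removes the whole trailing run.
_LEGACY_PROXY_SUFFIX = re.compile(r'(?:/CN=(?:limited )?proxy)+$')


def strip_proxy_suffix(dn):
    """Map a legacy proxy DN back to the DN of the certificate behind it."""
    return _LEGACY_PROXY_SUFFIX.sub('', dn)


def parse_dn(dn):
    """Split an OpenSSL one-line DN ("/DC=org/CN=x") into [attr, value] pairs.

    Service certificates carry a slash inside the CN ("CN=rsv/host"), so a
    fragment without "=" is treated as the continuation of the previous value.
    """
    pairs = []
    for part in dn.split('/'):
        if '=' in part:
            attr, val = part.split('=', 1)
            pairs.append([attr.strip().upper(), val.strip()])
        elif part and pairs:
            pairs[-1][1] += '/' + part
    return pairs


def display_name(dn):
    """Return the last non-numeric CN, or the stripped DN if there is none.

    All-digit CNs are skipped because they are serial-style components
    (for example the CN added by an RFC 3820 proxy), not a person or host.
    """
    base = strip_proxy_suffix(dn)
    name = ''
    for attr, val in parse_dn(base):
        if attr == 'CN' and not val.isdigit():
            name = val
    return name or base


# Constructed examples:
#   /DC=org/DC=example/OU=People/CN=Jane Doe 12345/CN=proxy/CN=limited proxy
#   /DC=org/DC=example/OU=People/CN=Jane Doe 12345/CN=987654321
# both resolve to the display name "Jane Doe 12345".
```

Falling back to the stripped DN rather than an empty string keeps records attributable when a DN has no usable CN.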